sharing reverse engineering knowledge

Today we released a minor update for HexRaysCodeXplorer (v1.2). This version contains a lot of bug fixes and adds support for IDA v6.6 and Hex-Rays Decompiler (x86) v2.0. The source code is already available on GitHub!

In this blog post we would like to describe the «Type Reconstruction» feature of the HexRaysCodeXplorer plugin: what motivated us to develop it, the basic ideas behind its implementation, and how to use it.

HexRaysCodeXplorer is an open source plugin; the source code will be shared after the first stable release. Today we started the public beta test. If you want to join, check REhint’s GitHub repository. Thanks to all the REsearchers who support us; we are waiting for your feedback!

The REcon conference was a great event this year! For us, it’s one of the most interesting conferences at which to present research on hardcore reverse engineering. This year most of the talks at REcon focused on hardware reverse engineering, so we were among the few people speaking about software RE, presenting our talk Reconstructing Gapz: Position-Independent Code Analysis Problem.

At the REcon conference this week we will be speaking about the Gapz bootkit and presenting our plugin for the Hex-Rays Decompiler, HexRaysCodeXplorer. We have been working for a long time on static code analysis of such complex threats as Stuxnet, Flame, Festi and many more. In the course of researching the Gapz bootkit we once again faced the problem of position-independent code analysis. This motivated us to develop a plugin for the Hex-Rays decompiler that makes reversing position-independent and object-oriented code easier.